RestrictingEdits

Note: The recipes here are for PmWiki versions 0.6 and 1.0 only. For PmWiki 2.0 recipes, see Cookbook.


Goal

I wanted a way to disallow only edits (not reads) from certain IPs. So, here's the solution.

Solution

Download Attach:blockedit.php and put it in your local/ directory. Then put the following in your local/config.php:

 include_once("blockedit.php");
 $DenyEditFrom = array("10\..*", "192\.168\.0\.1");

Modify to your tastes. $DenyEditFrom should be an array of valid Perl regular expressions that will match against $_SERVER['REMOTE_ADDR']. The above example prevents any edits from computers in the 10.0.0.0/8 subnet, as well as the single address 192.168.1.1. You can also (or in place of $DenyEditFrom) define an $AllowEditFrom array, following the same format as $DenyEditFrom, but which will allow edits from the given IPs instead of deny them. Matches in $AllowEditFrom take precedence over $DenyEditFrom.

See Also

AboutVandalism

History

Comments & Bugs

It will conflict with sessionauth, because they both modify the setting of $AuthFunction. Cookbook.Blocklist could be a replacement.

Contributors

Copyright

Public domain. Feel free to do whatever you want with it, but I'm not responsible for anything that happens :)

Comments

An anonymous contributor notes that the script does not check for uploads and does not check by hostname, e.g. "*.mit.edu". Here is a simple update:

 function ImprovedBasicAuth($pagename,$level,$authprompt=true) { 
  global $AllowEditFrom,$DenyEditFrom; 
  if ($level == "edit" || $level == "post" || $level == "upload" || 
      $level == "postupload" ) { 
    if(is_array($AllowEditFrom)) 
      foreach ($AllowEditFrom as $re) 
        if( preg_match("/^$re$/i", $_SERVER['REMOTE_ADDR']) ) 
          return BasicAuth($pagename,$level,$authprompt); 

    if(is_array($DenyEditFrom)) 
      foreach ($DenyEditFrom as $re) 
        if( preg_match("/^$re$/i", $_SERVER['REMOTE_ADDR']) || 
            preg_match("/^$re$/i", $_SERVER['REMOTE_HOST']) ) 
          return false; 
  } 

  return BasicAuth($pagename,$level,$authprompt); 
 }

pmwiki-2.3.32 -- Last modified by {{}}?

from IP: 85.171.160.186 ip should be disabled by default for security reasons